﻿<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) André N. Klingsheim. See NWebsec project website for license information. -->
<xs:schema id="sessionsecurityconfigschema" attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://nwebsec.com/SessionSecurityConfig.xsd" targetNamespace="http://nwebsec.com/SessionSecurityConfig.xsd">
  <xs:simpleType name="simple_boolean">
    <xs:restriction base="xs:NMTOKEN">
      <xs:enumeration value="false" />
      <xs:enumeration value="true" />
    </xs:restriction>
  </xs:simpleType>
  <xs:element name="sessionSecurity" >
    <xs:annotation>
      <xs:documentation>Configuration section for NWebsec.SessionSecurity</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:all>
        <xs:element name="sessionIDAuthentication" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>Configures session identifier authentication for the application. The AuthenticatedSessionIDManager must be configured in &lt;sessionState sessionIDManagerType="..." /&gt; for these settings to take effect. 
          </xs:documentation>
          </xs:annotation>
          <xs:complexType>
            <xs:attribute name="enabled" type="simple_boolean" use="required">
              <xs:annotation>
                <xs:documentation>Required. Specifies whether session identifier authentication is enabled in the application. The default is false.</xs:documentation>
              </xs:annotation>
            </xs:attribute>
            <xs:attribute name="useMachineKey" type="simple_boolean" use="optional">
              <xs:annotation>
                <xs:documentation>Optional. Specifies whether session identifiers should be protected under the machineKey validation key. If set to false, an authenticationKeyor authenticationKeyAppsetting must be specified. The default is true.</xs:documentation>
              </xs:annotation>
            </xs:attribute>
            <xs:attribute name="authenticationKey" type="xs:hexBinary" use="optional">
              <xs:annotation>
                <xs:documentation>Ignored when useMachineKey is enabled. Specifies the key used to authenticate session identifiers. Should be set to a (minimum) 256-bit hex encoded key (64-character hex string without whitespace).</xs:documentation>
              </xs:annotation>
            </xs:attribute>
            <xs:attribute name="authenticationKeyAppsetting" type="xs:string" use="optional">
              <xs:annotation>
                <xs:documentation>Ignored when useMachineKey is enabled. Specifies the name of the AppSetting holding the key used to authenticate session identifiers. The key in the AppSetting should be set to a (minimum) 256-bit hex encoded key (64-character hex string without whitespace).</xs:documentation>
              </xs:annotation>
            </xs:attribute>
            </xs:complexType>
        </xs:element>
      </xs:all>
    </xs:complexType>
  </xs:element>
</xs:schema>